Apache mod_negotiation is enabled

Description

Kayran has found that mod_negotiation is enabled on your Apache.
mod_negotiation is an Apache module which is responsible for selecting the document that best matches the clients set of capabilities, from one of several available documents.
If a certain user uses an invalid accept header, the server will response with a 406 error which might contain directory listing.

All of it, can lead to the possibility of attackers learning more about their targets.
For example, it can help an attacker to find backup files, generate credentials and so on.

Recommendation

Simply disable the MultiViews directive from the Apache’s configuration file and restart Apache so the changes will take effect.

References

https://httpd.apache.org/docs/2.4/mod/mod_negotiation.html

< Return to all Vulnerabilities

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

Read More »

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »

Exposing the GIT

Let’s start with defining the meaning of GIT. GIT – is an open-source system which we use as a tool to store data and information

Read More »